1 files changed, 9 insertions, 2 deletions

diff --git a/NEWS b/NEWS
index 6e3a8a09..19dc5105 100644
--- a/NEWS
+++ b/NEWS
@@ -5,16 +5,23 @@ Copyright (C) 1998-2018 by the Free Software Foundation, Inc.
 
 Here is a history of user visible changes to Mailman.
 
+2.1.28 (xx-xxx-xxxx)
+
+  Bug fixes and other patches
+
+    - The BLOCK_SPAMHAUS_LISTED_DBL_SUBSCRIBE feature added in 2.1.27 was
+      not working.  This is fixed.  (LP: #1779774)
+
 2.1.27 (22-Jun-2018)
 
   Security
 
     - Existing protections against malicious listowners injecting evil
       scripts into listinfo pages have had a few more checks added.
-      JVN#00846677/JPCERT#97432283
+      JVN#00846677/JPCERT#97432283/CVE-2018-0618
 
     - A few more error messages have had their values HTML escaped.
-      JVN#00846677/JPCERT#97432283
+      JVN#00846677/JPCERT#97432283/CVE-2018-0618
 
     - The hash generated when SUBSCRIBE_FORM_SECRET is set could have been
       the same as one generated at the same time for a different list and